JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a01:4f8:1c1b:66c9::1

2a01:4f8:1c1b:66c9::1 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 3%: ?

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a01:4f8:1c1b:66c9::1

Whois 2a01:4f8:1c1b:66c9::1

IP Abuse Reports for 2a01:4f8:1c1b:66c9::1:

This IP address has been reported a total of 14 times from 4 distinct sources. 2a01:4f8:1c1b:66c9::1 was first reported on May 18th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 el-brujo	2026-06-15 18:30:47 (1 week ago)	Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (iPhone; U ... show more Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1C25 Safari/419.3 Action: block Source: ratelimit ASN Description: Hetzner Online GmbH Country: DE Method: GET Timestamp: 2026-06-15T18:30:47Z ruleId: c0c2d5c2a7024f7fbdba4d0f7a002ea8. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇪🇸 el-brujo	2026-04-25 12:40:51 (1 month ago)	Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (Linux; U; ... show more Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Action: block Source: ratelimit ASN Description: Hetzner Online GmbH Country: DE Method: GET Timestamp: 2026-04-25T12:40:51Z ruleId: c0c2d5c2a7024f7fbdba4d0f7a002ea8. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇪🇸 el-brujo	2026-03-17 10:58:31 (3 months ago)	Cloudflare WAF: Request Path: / Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Linu ... show more Cloudflare WAF: Request Path: / Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Linux; U; Android 4.0.3; ko-kr; LG-L160L Build/IML74K) AppleWebkit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Action: block Source: ratelimit ASN Description: HETZNER-AS Country: DE Method: GET Timestamp: 2026-03-17T10:58:31Z ruleId: c0c2d5c2a7024f7fbdba4d0f7a002ea8. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇪🇸 el-brujo	2025-12-27 10:01:33 (5 months ago)	Cloudflare WAF: Request Path: / Request Query: Host: www.elhacker.net userAgent: Mozilla/5.0 (Windo ... show more Cloudflare WAF: Request Path: / Request Query: Host: www.elhacker.net userAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6 Action: block Source: ratelimit ASN Description: HETZNER-AS Country: DE Method: GET Timestamp: 2025-12-27T10:01:33Z ruleId: c0c2d5c2a7024f7fbdba4d0f7a002ea8. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇩🇪 stinpriza	2025-12-06 01:22:10 (6 months ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2025-07-28 07:44:19 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 28 03:44:15.051479 2025] [security2:error] [pid 22432:tid 22432] [client 2a01:4f8:1c1b:66c9::1:58782] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.ourodyssey.us\|F\|2"] [data ".blogspot.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ourodyssey.us"] [uri "/ourodyssey.blogspot.com"] [unique_id "aIcqTyW0i8oS2NFULW36BwAAAAw"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 stinpriza	2025-05-28 21:08:20 (1 year ago)	(XMLRPC) xmlrpc banned 2a01:4f8:1c1b:66c9::1 (DE/Germany/-): 1 in the last 3600 secs	Web App Attack
🇩🇪 SCHAPPY	2025-03-20 20:30:03 (1 year ago)	Excessive crawling, scraping, request limit exceeded, HTTP code 429.	Web App Attack
🇺🇸 TPI-Abuse	2025-01-05 01:05:33 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 04 20:05:26.844286 2025] [security2:error] [pid 3898063:tid 3898089] [client 2a01:4f8:1c1b:66c9::1:33276] [client 2a01:4f8:1c1b:66c9::1] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.managementlaw.com\|F\|2"] [data ".getclef.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.managementlaw.com"] [uri "/http:\\\\/\\\\/support.getclef.com"] [unique_id "Z3na1mwz0eHkY1RN3dIR3QAAAJg"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-12-26 18:13:57 (1 year ago)	(mod_security) mod_security (id:240950) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:240950) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 26 13:13:49.580667 2024] [security2:error] [pid 12716:tid 12716] [client 2a01:4f8:1c1b:66c9::1:34726] [client 2a01:4f8:1c1b:66c9::1] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|portalvasco.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "portalvasco.com"] [uri "/spotify:user:antiradares:playlist:16k9rpro9i2exmu6ljw69i"] [unique_id "Z22c3SeBx_iGCILd2z15ogAAAAY"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-10-04 22:58:51 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 04 18:58:46.202679 2024] [security2:error] [pid 17259:tid 17259] [client 2a01:4f8:1c1b:66c9::1:45150] [client 2a01:4f8:1c1b:66c9::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|alpha-hk.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "alpha-hk.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZwBzJv9sqgPiqotMx8yKiwAAABg"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-12 22:40:40 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 18:40:34.145854 2024] [security2:error] [pid 25579] [client 2a01:4f8:1c1b:66c9::1:43660] [client 2a01:4f8:1c1b:66c9::1] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|procigar.org\|F\|2"] [data ".godominicanrepublic.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "procigar.org"] [uri "/event/procigar-festival-2022/www.godominicanrepublic.com"] [unique_id "ZpGw4siYmAWtyIVZLx-dlwAAAAk"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-03 03:35:17 (2 years ago)	(mod_security) mod_security (id:225170) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 02 23:35:11.537642 2024] [security2:error] [pid 23415] [client 2a01:4f8:1c1b:66c9::1:49012] [client 2a01:4f8:1c1b:66c9::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.rohanbyles.com.au\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rohanbyles.com.au"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zl05759HnMpEx6s1D_CB6AAAABA"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-05-18 11:17:27 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:1c1b:66c9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 18 07:17:19.826560 2024] [security2:error] [pid 9673] [client 2a01:4f8:1c1b:66c9::1:39870] [client 2a01:4f8:1c1b:66c9::1] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|blockadegc.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blockadegc.com"] [uri "/blockadegc.com"] [unique_id "ZkiOP-QliVe7bMbIXJa1GgAAAA8"], referer: http://google.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 151.243.11.35

🇨🇦 146.190.248.172

🇭🇰 144.48.8.10

🇺🇸 57.141.0.252

🇸🇬 45.139.226.127

🇮🇳 223.184.232.123

🇺🇸 172.217.46.150

🇮🇩 157.15.67.253

🇺🇸 104.140.145.149

🇦🇪 87.201.143.192

🇺🇸 69.171.234.129

🇺🇸 34.181.168.84

🇬🇧 217.154.35.203

🇺🇸 216.25.89.75

🇨🇭 209.99.189.177

🇵🇱 172.64.198.57

🇺🇸 152.32.208.106

🇨🇳 106.52.27.253

🇺🇸 104.243.42.167

🇫🇷 85.217.140.7